Tech Firms Say FBI Wants Browsing History Without Warrant (engadget.com) 145
Aaron Souppouris, reporting for Engadget: Tech companies and privacy advocates are warning against new legislation that would give the FBI the ability to access "electronic communication transactional records" (ECTRs) without a warrant in spy and terrorism cases. ECTRs include high-level information on what sites a person visited, the time spent on those sites, email metadata, location information and IP addresses. To gain access to this data, a special agent in charge of a bureau field office need only write a "national security letter" (NSL) that doesn't require a judge's approval. It's worth noting that ECTRs don't amount to a full browsing history. If a suspected terrorist were reading this article, the FBI would only see they read "engadget.com" and how long for, rather than the specific page links. Additionally, the ECTRs won't include the content of emails, search queries, or form content, but will feature metadata, so the FBI would know who someone is messaging and when.
Thanks for the tip (Score:2)
you can leave me off the list (Score:2)
I only search for old Dragnet scripts.
Re: (Score:2)
FBI are getting too big for their britches, between lobbying efforts for more power, and pressure tactics on both commercial and other government agencies.
Re: (Score:2)
It's enough to make you start rooting for the "bad guys" almost
Re: (Score:2)
Re: (Score:2)
OK, then, the "worse guys" ;)
When "terrorists" score higher public opinion than Law Enforcement, you know something is wrong....
Re: (Score:2)
Tagged. Now you're it.
Re: (Score:3)
FBI are getting too big for their britches
Who's going to rein them in? Donald? Hillary? I don't think so. The only candidates that want to fix this are Gary Johnson and Jill Stein. Combined, they are polling at about 1%. Americans don't care about privacy, at least not when it matters.
Re: (Score:2)
Anti-Democrat ads for the 2014 election often emphasized the "over-snooping" of the executive branch, per Snowden revelations.
Snooping generally polled a fairly-close 2nd behind ACA as reasons for the high Republican turnout that gave GOP such big gains in Congress.
Voters cared then. Maybe the "trick" is to associate it with a personality while demonizing that personality. It's psychologically easier for humans to hate a face than a policy.
Re: (Score:1)
Re: (Score:1)
Can you imagine walking into a mall and seeing nothing but an empty hall. In order to see what they are selling or even the name of the stores in the mall, I would have to show government ID to someone... then I could see the store name. If I want to go inside and look at the products... well I cant see them until again I show ID and then products appear.
I should not have to show ID to browse. It is ridiculous and everyone should be using Tor or similar identity protecting technologies. Because I am not re
FIFTY! (Score:1)
Tech firms say FBI always wants EVERYTHING THEY CAN GET without warrent.
Why doesn't law enforcement get it? (Score:5, Interesting)
If they walk up to my house and look in a window from the street and see something fine. If the blinds are drawn and they want to see what is behind that window, they need to convince a judge (either before the fact via a warrant, or after the fact with probably cause). Why is it that so many people, especially in government, lose their minds when computers are involved? If I can visit engadget.com and see who is on the site and from where, then fine. If I want them to open up their access logs, I ought to need a judge's approval. Seriously, in this day and age a Judge's approval is never more than 15 or 20 minutes away. It's not like two centuries ago where judges rode circuit and you might have to wait a month until the next time you saw one. Aside from that, if the matters are sensitive, there is an entire court of judges (FISA) with top secret clearances and plenty of federal and even state court judges who have litigated or presided over sensitive cases and also have security clearances. If law enforcement complains that "it's hard" then that is how it should be. Infringing on someone's rights (and that's exactly what a search by the government is) shouldn't be easy.
Re: Why doesn't law enforcement get it? (Score:5, Informative)
This is based on a ridiculous ruling that phone numbers dialed are not private information because they're voluntarily shared with a third party (the phone company) and therefore don't have am expectation of privacy. The case is Smith v. Maryland (1979). Basically they ruled that because phone companies keep records of the numbers dialed that users shouldn't expect any privacy and therefore no warrant is required. This ruling could easily be extended to content with that same logic. For example, Facebook has to keep a record of the messages you send in Messenger because they show your conversation history. You've voluntarily shared that content with them. Phone companies now back up SMS messages in the cloud that can be restored to a new phone or after a factory data reset. In either case, you've voluntarily shared the content with a third party and therefore the same logic could be used to argue no expectation of privacy exists there, either. It is, of course, an awful ruling with ludicrous logic applied. It is one of the most shameful rulings ever issued by SCOTUS.
Re: Why doesn't law enforcement get it? (Score:4, Insightful)
So sharing with one particular third party for a technical purpose also implies consent for sharing with every other third party in the known universe, in particular law enforcement agencies? Does the simple fact that more than two parties are involved complete erase the right to privacy?
Gee, you can take this pretty far, can't you? "No, we were perfectly in our rights to spy on them, because there were three of them"...
Re: (Score:3)
Exactly. The asinine thing about Smith v. Maryland is that even if the call records are shared with the phone company, the phone company is private too! AT&T has the same right to not be searched without a warrant as its customers do.
Now, if AT&T voluntarily decided to hand over records based on a non-warrant request from the FBI, that's allowed (albeit idiotic from a don't-piss-off-your-customers perspective). But it should not be possible to compel them to do so without a warrant.
Re: (Score:2)
Bullshit. A plain reading of the 4th Amendment says no such thing.
Re: (Score:3)
You already did! Note how it says "the right... shall not be violated." It doesn't say "except when the government feels like it." It doesn't say "except when the offense being investigated is [insert hot-button issue here]." And most of all, it doesn't say "except when you're a witness instead of a subject of investigation!"
The reason for the search is completely irrelevant. The right shall not be violated, unless they've got a warrant. Period.
Re: (Score:2)
The Fourth says that I am to be secure in my person, house, papers, and effects. If the FBI wants to search me (other than something like a weapons frisk on arrest), my house, or go through my stuff, they need a warrant. It doesn't say you're secure in my papers and effects. I can be legally compelled, without a warrant, to provide information on you if I have it, without violating the Bill of Rights.
Re: (Score:2)
First of all, the FBI doesn't magically get to search my house just because I'm holding property on behalf of somebody else! Second, if I have information about you, then it's still my information -- my papers, my effects. The phone records AT&T keeps are owned by AT&T, and the fact that they are "about" other entities is irrelevant.
Re: (Score:2)
Found the fed!
Sorry, you're wrong. If you HAVE information, it is your information. The subject of that information is irrelevant.
Re: (Score:2)
Of course the police can't search your house without a warrant, no matter what. (Well, not legally.) The Bill of Rights does have provision for compelling witnesses to be in court, anyway (the Sixth says a defendant has a "compulsory process for obtaining witnesses in his favor", among with other rights the accused has), so the idea that someone may be compelled to provide testimony is there. A subpoena requires someone to produce evidence if they have it, and that doesn't seem out of line. The Fifth
Re: (Score:2)
Sure, and subpoenas are issued by the court -- in other words, with (at least) the same amount of due process as a wa
Re: (Score:2)
Of course they are! Where else do you think the records are being obtained from?
Any legal weaseling to imply otherwise is simply bullshit.
Re: (Score:2)
A search is a search, whether the scope is small or large. If you're trying to figure out whether an action is a search requiring a warrant, the question you ask yourself is not "did the FBI move into the data center and take stuff?" but rather simply "did the FBI obtain information [stored in some fixed medium, i.e., not testimony]?" If the answer to the latter question is "yes," then it was a goddamn search!
This is not a hard concept. I can't tell if you're an idiot who fails to understand it or a totali
Re: Why doesn't law enforcement get it? (Score:2)
You are fucken retarded.
Re: (Score:3)
So sharing with one particular third party for a technical purpose also implies consent for sharing with every other third party in the known universe, in particular law enforcement agencies? Does the simple fact that more than two parties are involved complete erase the right to privacy?
Well they've drawn an imaginary line in the sand and said content is protected, metadata is not. For example with phone numbers they can get the number you dialed without a warrant, but if you dial a menu after connecting they do. So for IP traffic that means to and from address, email it's from and to address and so on. The reason I said imaginary line is that the full URL string is considered specific content, but the site is just metadata on who you connected to. So if you visit "news.bbc.co.uk" that's u
"Expectation of Privacy" may change over the time. (Score:2)
This is based on a ridiculous ruling that phone numbers dialed are not private information because they're voluntarily shared with a third party (the phone company) and therefore don't have am expectation of privacy. The case is Smith v. Maryland (1979). Basically they ruled that because phone companies keep records of the numbers dialed that users shouldn't expect any privacy and therefore no warrant is required. This ruling could easily be extended to content with that same logic. For example, Facebook has to keep a record of the messages you send in Messenger because they show your conversation history. You've voluntarily shared that content with them. Phone companies now back up SMS messages in the cloud that can be restored to a new phone or after a factory data reset. In either case, you've voluntarily shared the content with a third party and therefore the same logic could be used to argue no expectation of privacy exists there, either. It is, of course, an awful ruling with ludicrous logic applied. It is one of the most shameful rulings ever issued by SCOTUS.
The first question when analyzing a search issue is whether a person has an expectation of privacy in the information. When Smith v. Maryland was decided, the judges on SCOTUS had grown up in an era when "party line" telephone lines were used. On a "party line," you share the telephone line with your neighbor or neighbors and your neighbor can listen to your call by picking up their phone. While you are right that they used the sharing-numbers-dialed-with-the-phone-company as the formal reason for a lack
Re: (Score:3)
Re: (Score:2)
All to hard trying to get tech companies to agree to anything. What we need are meta data 'BOMB' add ons, that run in the background creating false data and basically blow up their data bases. It won't generate too much traffic because you do not need to conclude the full data transmission, just create false meta data. All just quietly ticking away in the background, accessing random locations for random amounts of time, with out any action by the end user.
Re: (Score:2)
The librarians decided to keep absolute minimum records so the FBI couldn't harvest them. The FBI can learn that I've got a biography of Garibaldi checked out, but they won't be able to find information on the audiobook I returned last week.
This isn't really applicable to ISPs, since they keep information on me for my own convenience. My email provider stores my email so I can easily access it from multiple machines, for example. I'd like to see this legally kept private, but very few of the Founding
Re: (Score:2)
Just print out the contract and amend it to require a subpoena before releasing relating to you. If the company accepts the change in terms it is then legally bound to request the subpoena. This is no different to crossing out terms that you don't agree with. Just get the changes initialled by the companies representative.
If we all do this the changes will become part of the standard contract.
Re: Why doesn't law enforcement get it? (Score:5, Insightful)
Even if you accept that ruling, the data that is collected and handed over should be limited to IP addresses that I connect to. DNS names should not be included, since they are content, not metadata. If I am using Google nameservers, all the ISP should hand over was that I connected to 8.8.8.8 on port 53, then I connected to an IP address on port 80.
Re: (Score:3)
Re: (Score:2, Informative)
If they walk up to my house and look in a window from the street and see something fine.
No, not fine. Not always anyway. IANAL, so I am overly simplifying here, but cops need a reason to be in the area. Which could be as simple as "I just so happened to be in the area, and just so happened to glance in the direction of the open window". If a cop is routinely going up and down a street, looking in every open window, and the best excuse they can come up with is "well, I might see something", that is illegal.
Re: (Score:2)
Re:Why doesn't law enforcement get it? (Score:4, Informative)
If they walk on to my property with the intent to look in my window, they better already have that warrant in hand otherwise none of what they see will be admissible in court.
Unless you don't know they were on your property, and they use parallel construction [wikipedia.org] to fabricate a different chain of evidence.
DEA official: "Parallel construction is a law enforcement technique we use every day. It's decades old, a bedrock concept."
Re: (Score:1)
Re: (Score:1)
Simple: they're not paid to "get it."
Re: (Score:2)
They do get it. It's just that they care a lot more about their job being easy than they do about the U.S.A. or anything it stands for. If American flag toilet paper was $0.0001 cheaper per roll, they'd use it.
TLA (Score:2)
Re: (Score:1)
Seeing the article with a facebook logo, I wonder if FBI stands for "FaceBook International".
Everyone knows it stands for Female Body Inspector!
Re: (Score:2)
Except J. Edgar Hoover, Female Body Impersonator.
I Vote An FBI Agent (Score:2)
Re: (Score:2)
Brilliant, also lets make every one judge, jury and executioner to expedite justice.
Re: (Score:2)
Why Government want to see browsing history (Score:1)
Re: (Score:1)
Re: (Score:3)
Personally, I find http://backslashdot.org/ [backslashdot.org] rather boring. This site is more fun.
Re:What I don't understand is... (Score:5, Insightful)
Why the fuck does the FBI have a problem with getting a warrant? This isn't Apple's ridiculous refusal to decrypt data when the owner of the phone had consented. This is actually private data and should be protected accordingly. If there's a legitimate reason to access the data, then there shouldn't be any difficulty in obtaining a warrant to obtain access.
They don't have a problem getting warrants.
They want to not be observed to, or have any trace of, who and what they watch.
The goal is "Watching with NO RECORDS OF IT."
Re: (Score:2)
This isn't Apple's ridiculous refusal to decrypt data when the owner of the phone had consented.
Wait, I thought it wasn't an outright refusal, but an appeal (not the same thing), and that they had been willing to cooperate until a certain point, namely the way the FBI wanted to handle the decryption...? I'm so lost now.
Re: (Score:2)
Too many foreign brands, multinationals, dual citizens, cults, faiths, criminals now have generational contacts within the fancy cleared bureaucratic/private sector. Access to requests for devices or accounts of interest to police or who is under investigation is not just the phone company anymore.
Re: (Score:2)
Apple did decrypt the data it could, and the only reason it wasn't everything was that the FBI screwed up big-time. Apple cooperated fully in the investigation.
What Apple was not going to do was what the FBI wanted them to do, which was overly specific, required a fair amount of work, and was likely to hurt Apple's business. It was a power grab on the part of the FBI, and the FBI caved once Apple appealed against the order, showing that the FBI thought Apple had a good case.
Incorrect assumption (Score:5, Interesting)
I can see where this is going.
You might hate terrorism and be looking at isis.com or whataver for legitmate academinc or other reasons, yet the FBI will now just put you on the no fly list anyway.
Get a f*&^ing warrant! (Score:5, Insightful)
Because society tacitly asks for it (Score:3)
We as a society want crime off our streets. So, we want officers to do their job as effectively and efficiently as possible. If someone's in the process of committing a crime, we want it stopped. Waiting for a warrant to get processed is time the perps have to get away and for the crime to go unpunished, and nobody wants that except the criminal.
As I've said repeatedly before, Law Comic [lawcomic.net] is your friend. Borrowing from this page [slashdot.org]: "Rules are respectable. They're how things are supposed to work. But poli
Re: (Score:1)
What would upset you more, allowing a criminal to go free because evidence cannot be obtained legally, or arresting a criminal using evidence that was obtained illegally? (For the purpose of the question, assume the person has indeed committed a crime.)
Once you have illegal evidence, what proof do you have it wasnt planted?
I would rather watch ten guilty men go free then watch one innocent man go to jail.
Re:Because society tacitly asks for it (Score:5, Insightful)
That's the textbook answer (Score:2)
For a textbook world. But in the world we live in, things are never so clear cut. Ask a small business owner whose store was broken into whether they received justice when the perpetrator was allowed to walk after the evidence used to convict him was illegally obtained (pg. 3) [theatlantic.com]. Ask a woman if she receives justice when the man who rapes her is allowed to walk because illegally obtained evidence is suppressed from trial [state.md.us]. As the previously quoted article from "The Atlantic" says, "It is highly important th
Re: (Score:2)
Re: (Score:2)
What would upset me more? Arresting a criminal using evidence that was obtained illegally. Because if they'll bend the rules that way, the next step is manufacturing evidence out of whole cloth. And when t
And I want a solid rhodium toilet (Score:2)
Comment removed (Score:5, Informative)
E-fucking-nough! (Score:2)
NO NO NO
The FBI, CIA, NSA, etc should get NOTHING, not even their paychecks, without a warrant.
Enough already, this is way out of hand.
HTTP, really? (Score:2)
Any suspected terrorist stupid enough to be caught browsing HTTP (or even HTTPS) sites to co-ordinate their activities really ARE NOT the people we need to worry about.
And any "activity report" that just looks at DNS lookups for websites is really useless against the rest.
Honestly, even an SSH to a foreign remote server that does the actual lookup stuff for you would make it much harder to detect what you were looking up, and that's not even counting looking for it on a proper "darkweb" rather than just any
Re: (Score:2)
Obama admits they already do it without a warrant (Score:5, Informative)
"I just came from a meeting, today, in the situation room, in which I’ve got people who we know have been on ISIL websites living here in the United States — US citizens. And we’re allowed to put them on the no fly list when it comes to airlines, ..."
Based on browser history - pardon? What the president just confirmed is that someone from the government is noting everyone's browsing history, determining which websites are not to be visited, and furthermore, if someone does visit the website for whatever reason they get put on a no fly list.
Re: (Score:2, Interesting)
This will be a great troll tactic. Way better than rick rolling.
Trick people into visiting terrorist websites and they'll be on the no fly list forever.
trolololo
Re: (Score:2)
If they're routing any of the traffic, they can see US-based IP addresses going to those sites.
Anyone routing any of your traffic can see that, actually, and IP has never been an anonymizing technology by itself.
If the US government isn't routing anything itself, it can easily traceroute to ISIL servers and ask the last-hop provider(s) on US soil to log the source of all connections to those servers.
This simple and legal method might not be how they're doing it---but the fact is that a simple and legal meth
Re: (Score:2)
I do not see in Obama's words where it says the information based on browser history.
I am sure there are other ways to monitor who is visiting a site besides browser history.
Re: (Score:1)
You can't enforce a law that no-one is allowed to know about - that's batshit bonkers.
If there's a secret list somewhere noting all the things I'm not allowed to know "but I can't know about it" then how can I be expected to follow the law? How can I know I'm following the law? The no-fly list is punitive in different ways to a prison cell, you're telling me I'm too dangerous to fly because I might know something they don't like. In the modern business world that's basically a death sentence.
On the other ha
Re: (Score:2)
You can't enforce a law that no-one is allowed to know about - that's batshit bonkers.
If there's a secret list somewhere noting all the things I'm not allowed to know "but I can't know about it" then how can I be expected to follow the law?
"Did you really think we want those laws observed?" said Dr. Ferris. "We want them to be broken. You'd better get it straight that it's not a bunch of boy scouts you're up against... We're after power and we mean it... There's no way to rule innocent men. The only power any government has is the power to crack down on criminals. Well, when there aren't enough criminals one makes them. One declares so many things to be a crime that it becomes impossible for men to live without breaking laws. Who wants a nat
Re: (Score:3)
Re: (Score:2)
Time spent on sites? (Score:2)
Why do they think that they can tell the time I spent on a site from those logs? They only have the times that I requested the pages. There's no mechanism to say when you are finished reading a page. I can get distracted by a phone call, mail, or someone else. Or maybe I open a link from one article in another tab to read later.
Re: (Score:2)
Different from any other investigation?.. (Score:1)
Just how is this different — in principle — from the normal and old-fashioned investigation, where the investigator would talk to the suspect's friends, business-partners, grocery-suppliers, neighbors, and landlords? And, if the folks had any relevant records, ask to see them?
Sherlock Holmes would do that, Perry Mason would do that, Hercule Poirot would do that, Miss Marple would do that. Why can't the FBI — which law are they viol
Re: (Score:1)
The characters you highlight were investigating a crime.
The characters in the FBI are trying to find a crime to investigate.
Dragnets aren't allowed Sherlock.
Re: (Score:3)
Just how is this different — in principle — from the normal and old-fashioned investigation, where the investigator would talk to the suspect's friends, business-partners, grocery-suppliers, neighbors, and landlords? And, if the folks had any relevant records, ask to see them?
Sherlock Holmes would do that, Perry Mason would do that, Hercule Poirot would do that, Miss Marple would do that. Why can't the FBI — which law are they violating by the mere asking? There is no allegation in TFA of any illegal threats the agents have made against the companies for non-compliance or for demanding a warrant or some other approval from the Judiciary... What is the there there?
I'll bite - because this is compelled, not asked. An NSL *compels* information, and it also comes with a gag order. Neither of that is true of a cop asking. Now, in the case of a standard investigation, if they wanted to compel testimony or info they could get a warrant or a subpoena, as they can now for these records, but that requires a judge, not just a senior FBI agent, and typically never came with gag orders.
Re: (Score:2)
Is it? How are they different? In both cases the policeman/detective can make threats — explicit or veiled — which their target may choose to ignore if he believes, the demand is not legal.
Not any more than a cop saying: "If you don't help, I may suspect you of being in cahoots with him", and adding: "Oh, and please, do not tell him about this conversation, alright?"
Now, this all as
Re: (Score:2)
Sherlock Holmes would reason backwards, eliminate the impossible, and find the truth in what's left. The Baker Street Irregulars would do some canvassing for him, which is the closest you're going to find here. Perry Mason was an attorney, and did not do his own investigations. Hercule Poirot would use his little gray cells. Miss Marple would use her insight into people's personalities developed in St. Mary's Mead. You're not only idiotically trying to make a real point using highly fictionalized char
Re: (Score:2)
Please, don't hate, asshole.
Re: (Score:2)
Perhaps I should have made it more clear that the argument was idiotic, not necessarily you personally. I wasn't trying to insult you, and apologize if I was sufficiently unclear on that.
Why do you HAVE that data? (Score:2, Insightful)
You should not be recording the browsing history of your users. Don't log the shit out of everything. Carry the data, don't keep it. WHY IS THAT SO HARD TO UNDERSTAND?
Inaccurate article is inaccurate (Score:2)
Tech companies and privacy advocates are warning against new legislation that would give the FBI the ability to access "electronic communication transactional records" (ECTRs) without a warrant in spy and terrorism cases.
For the article to have been accurate I'm pretty sure the words "in spy and terrorism cases" should have been omitted. Who added those words? Is it an un-attributed quote, or was it put there by some overly zealous and/or boot-licking reporter or editor? Does anybody really believe that the scope of such investigations will be limited to those that can legitimately be called "spy and terrorism cases"?
right... (Score:2)
If a suspected terrorist were reading this article, the FBI would only see they read "engadget.com" and how long for, rather than the specific page links.
Does anyone even believe that after all the times they have lied?
What the FBI wants (Score:1)
Current text of 18 U.S. Code 2709 - Counterintelligence access to telephone toll and transactional records https://www.law.cornell.edu/uscode/text/18/2709?qt-us_code_temp_noupdates=0#qt-us_code_temp_noupdates
Cornwyn amended text [pdf]
https://www.judiciary.senate.gov/download/s356-cornyn1_-oll16601
Purpose: To amend section 2709 of title 18, United States
Code, to clarify that the Government may obtain a speci-
fied set of electronic communication transactional
records under that section.
pertinent section:
(b)
(2) OBTAINABLE TYPES OF INFORMATION AND RECORDS.—The information and records described
in this paragraph are the following:
(A) Name, physical address, e-mail address, telephone number, instrument number,
and other similar account identifying information.
(B) Account number, login history, length of service (including start date), types of service, and means and sources of payment for service (including any card or bank account information).
(C) Local and long distance toll billing records.
(D) Internet Protocol (commonly known as ‘IP’) address or other network address, including any temporarily assigned IP or network address, communication addressing, routing, or
transmission information, including any network address translation information (but excluding cell tower information), and session times and durations for an electronic communication.’’.
Um, not seeing anything about browsing history. Frankly, it seems a reasonable update to that section which had changed very little since 2001. Before 2001, subsection (A) read, "the information sought is releva
Did anyone REALLY think that NSL were (Score:1)
Really?
Wasn't it ALWAYS about keeping tabs on dissenters who might have actual plans to win elections and coordinate?
Go ahead, let yourself dream of the ultimate 1984 scenario, then tell me what is missing
Dicknose would have LOVED Gitmo